Configuring and Managing
1. You are the administrator of 10 Windows XP Professional computers that are members of a Windows 2000
domain. Because the computers are used in a public area you audit all security events on the computers. A user
named IT2 Salazar reports that while he was using one of the computers it suddenly shut down with a STOP
error. When the computer restarted, IT2 Salazar attempts to log on by using the same user name and password
that he used before, but receives the following error message: "Your account is configured to prevent you from
using this computer. Please try another computer." IT2 states that he did not do anything to cause the STOP
error to occur. You want to ensure that IT2 Salazar can get his homework done on this computer. What should
A. On the computer, save and clear the security log, set the CrashOnAuditFail setting to 1, and restart the
B. On the computer, modify the local audit policy so that system events are not audited, set the
CrashOnCtrlScroll setting to 1, and restart the computer.
C. In the domain, modify IT2's LogonWorkstations list to include the name of the computer.
D. In the domain, modify IT2's account properties to unlock the account.
2. The network in the MCP classroom contains 23 Windows XP Professional computers that were installed by
using a RIS image. These computers also use a security template named Standard.inf, which you created and
applied to the computers. Navy Information Assurance (IA) releases a new security template named
Corporate.inf which you are instructed to apply to all 23 computers in the classroom. You are tasked to make a
list of all policies that are defined in the Corporate.inf but that are not already enforced on the computers. You
import Corporate.inf into the Security Configuration and Analysis console on your computer. Which policies
should you document?
A. The policies that are displayed with an
X or an exclamation point in the analysis.
B. The policies that are displayed with a
check mark in the analysis .
C. The policies that are displayed as
Enabled in the Computer Setting column .
D. The policies that are displayed as
Disabled in the Computer Setting column
3. You are the desktop administrator IT”A” School. The school's network contains 1,000 Windows XP Professional
computers, which are members of a single Active Directory domain and all the computers’ hard disks are formatted
as NTFS. The school's software developers release a new custom application that uses a .dll file named
AppLib.dll, which is installed in a folder named \Program Files\Eagle\OpsApp. The school's help desk technicians
report that several users are experience problems when they use the application because the AppLib.dll file was
deleted on their client computers. The school's software developers recommend that you modify the file
permissions on AppLib.dll so that users have only Read permission on the file. You need to ensure that all users
have only Read permission on the AppLib.dll file on all 1,000 Windows XP Professional computers. What should
A. Write a logon script that moves the AppLib.dll file into the %systemroot%\System32 folder. Ensure that Windows File
Protection is enabled on all 1,000 Windows XP Professional computers. Apply the logon script to all domain user
B. Repackage the customer application in a Windows Installer package. Ask a domain administrator to create a Group
Policy object (GPO) that advertises the package to all domain user accounts.
C. Use the Security Configuration and Analysis console to create a new security template that modifies the file permissions
on AppLib.dll. Use the Active Directory Group Policy to import and apply the template to all 1,000 Windows XP
D. Write a Microsoft Visual Basic Scripting Edition (VBScript) file named Modify.vbs that modifies the file permissions on
AppLib.dll. E mail Modify.vbs to all company employees
4. You are the desktop administrator for ITOF which has a network that consist of a single Microsoft Windows NT
domain with 2000 Windows XP Professional computers. The IA department releases a new security template
named New.inf. You are tasked to apply this new template to all 2000 computers. You use the Security
Configuration and Analysis console to import New.inf into a security database named Security.sdb. Copy
Security.sdb to a folder named Sec on a server named Eagle1. How will you apply New.inf to the computers?
A. Use the Security Configuration and Analysis console to export a template named New.inf from
Security.sdb. Copy New.inf to each client computer.
B. Write a logon script that copies Security.sdb to the %systemroot%\System32 folder on each client
C. Copy Security.sdb to the Netlogon shared folder on each domain controller.
D. Write a logon script that runs the Secedit /configure /db \\Eagle1\Sec\Security.sdb command. Apply the
logon script to all domain user accounts.
5. The IT schoolhouse’s network contains 500 Windows XP Professional computers. The IA department releases
a new security template named NewSec.inf. You import NewSec.inf into a security database named
NewSec.sdb. You analyze the result, and you review the changes that the template makes. You examine the
security policies that are defined in NewSec.inf and discover that the settings in NewSec.inf have not been
implemented on your computer. You need to ensure that the settings in NewSec.inf overwrite the settings in your
computer's local security policy. What are two possible ways to achieve this goal? (Each correct answer
presents a complete solution. Choose two.)
A. Run the Secedit /configure /db C:\NewSec.sdb command.
B. Run the Secedit /refreshpolicy machine_policy command.
C. Copy NewSec.inf to the C:\Windows\Inf folder.
D. Copy NewSec.sdb to the C:\Windows\System32\Microsoft\Protect folder.
E. Use the Security Configuration and Analysis console to open NewSec.sdb and then to perform a
F. Use the Security Configuration and Analysis console to export NewSec.sdb to the Defltwk.inf security
6. The network for the ITOF School contains 1000 Windows XP Professional computers that are configured with
the students.inf security template. One of the network administrators in the Main building creates a new security
template named instructors.inf which is designed to be applied to all computers; however the users in the school
have different security requirements from the users in the main building. You need to find out whether the new
security template will violate the requirements of the school, what should you do?
A. Run the Secedit.exe command in validation mode and specify the new security template.
B. Run the Secedit.exe command in configuration mode and specify the new security template.
C. Use the Security Configuration and Analysis console to import both templates into a security database,
and then perform an Analyze operation.
D. Use the Security Configuration and Analysis console to import both templates into a security database,
and then perform a Configure operation.
7. The IT administrator for ITOF creates a custom policy that will apply to a custom application that is loaded on
the instructor's Windows XP Professional computers. He deploys this policy by using Group Policy. When you
inspect the instructor's computers, you find out that the application has not been modified by the policy. You
want to examine Windows XP Professional to find out whether the custom policy is affecting the correct location
in the Registry. Which command should you run?
8. The IT administrator for the school needs to distribute a custom application to the Windows XP Professional
computers in the A+ classroom. He deploys the software by using Group Policy. Mr. Dowling is an instructor
in the A+ classroom. He reports that the custom application is not available. You examine his computer, and
you verify that the application is not present. You want to ensure that the software is deployed the next time
Mr. Dowling logs on. Which command should you run?
A. Secedit /refreshpolicy user_policy /enforce
B. Secedit /refreshpolicy machine_policy /enforce
C. Gpupdate /target:computer /sync
D. Gpupdate /target:user /sync
9. The IA department releases a new security requirement that states that the Telnet service may not be started on
any government-owned client computer. You need to create a new security template that prevents the Telnet
service from starting on government-owned client computers. You open the Security Configuration and
Analysis console on your Windows XP Professional computer. Which portion of the console do you need to
10. The IT office needs to distribute three custom applications to the schoolhouse’s Windows XP Professional
computers. They deploy these applications using a Group Policy. Some users report that they must log on
several times before the newly deployed applications are present on their computers. What should you do to
ensure that all software is deployed the next time the users log on?
A. Enable the Always wait for the network at computer startup and logon policy.
B. Enable the Always use classic logon policy.
C. Enable the Turn off background refresh of Group Policy policy.
D. Enable the Group Policy slow link detection policy.
11. IT1 Joseph frequently travels to different commands to deliver MCP training. Because he travels his Windows XP
Professional portable computer has a smart card reader for security. IT1 request that you configure his computer to enable
dial in to the schoolhouse network when he is traveling. Navy IA security policies state that dial-in users must use a
smartcard when they connect to the network and that users use the strongest form of data encryption possible. Policy also
directs that client computers must disconnect if the Routing and Remote Access server does not support both smartcard
authentication and the strongest possible authentication. Your task is to configure the dial-up connection properties on IT1
Joseph’s computer to dial in to the schoolhouse network making sure that Navy security policies are enforced. Which three
action should you take? (Each correct answer presents part of the solution, Choose 3)
A. Select the Advanced (custom settings) security option.
B. Select the Require data encryption check box.
C. Select the Typical (recommended settings) security option.
D. Select the Use smart card item from the Validate my identity as follows list.
E. Select the Maximum strength encryption item from the Data encryption list.
F. Select the Allow these protocols option, and select the MS-CHAP v2 check box.
G. Select the Extensible Authentication Protocol (EAP) option, and select Smart Card or other Certificate from the EAP
12. You are the administrator of a Windows XP Professional computer named Trust which is connected to the
internet and provides internet access to nine other computers. Trust has Internet Connection Sharing (ICS)
and Internet Connection Firewall (ICF) enabled. You run an application named Honor on Trust that
communicates with an online training Command on the Internet. In order to display an online the training
Command needs to contact the Honor application at port 5800. You want to ensure that the training Command
can connect to the Honor application, what should you do?
A. Configure ICF to enable the Internet Control Message Protocol (ICMP) Allow redirect option. Then start
the Honor application that opens port 5800.
B. Create a new service definition named Honor. Use port 5800 as the external and internal port number.
C. Edit the %systemroot%\System32\Drivers\Etc\Services file on Trust to include a service definition
named Honor for port 5800.
D. Change the TCP/IP settings on Trust to enable TCP/IP filtering. Permit network traffic on port 5800.
13. You are the desktop administrator for ITOF where all instructors have Windows XP Professional computers
and members of the local Users group on their own computers. An instructor in A+ has a removable disk
cartridge drive on his computer. The disk cartridge contains an unsupported, third-party file system.
Whenever the instructor tries to save data to the disk cartridge, they are prompted to reformat the disk
cartridge. However, they receive an “access denied” error message when attempting to reformat. You need to
enable the instructors to save testing data to the disk cartridge. What should you do?
A. Instruct the user to format the cartridge as FAT32.
B. Remove the Read-only attribute from the disk cartridge.
C. Add the user to the Power Users local group on the computer.
D. Grant the user Allow - Full Control permission on the disk cartridge.
E. Configure the local security settings to allow the user to format and eject removable media.